//package com.jn.erp.security;
//
////import com.hzb.erp.configuration.SystemConfig;
////import com.hzb.erp.security.handler.JwtTokenFilter;
////import com.hzb.erp.security.handler.MyLogoutSuccessHandler;
////import com.hzb.erp.security.provider.StaffAuthenticationProvider;
////import com.hzb.erp.security.provider.UserAuthenticationProvider;
////import com.hzb.erp.security.provider.staff.StaffAuthenticationFilter;
////import com.hzb.erp.security.provider.user.UserAuthenticationFilter;
//import com.jn.erp.security.filter.JwtAuthenticationTokenFilter;
//import com.jn.erp.security.provider.StaffAuthenticationProvider;
//import com.jn.erp.security.provider.UserAuthenticationProvider;
//import com.jn.erp.security.provider.staff.StaffAuthenticationFilter;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.access.AccessDecisionManager;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.authentication.ProviderManager;
//import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
//import org.springframework.security.config.annotation.ObjectPostProcessor;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.web.AuthenticationEntryPoint;
//import org.springframework.security.web.access.AccessDeniedHandler;
//import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
//import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
//import org.springframework.security.web.authentication.AuthenticationFailureHandler;
//import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
//
///**
// * description :  Spring Security 配置类
// */
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class SpringWebSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    private static final String STAFF_LOGIN_URL = "/login";
//    private static final String STUDENT_LOGIN_URL = "/student/login";
//    private static final String LOGOUT_URL = "/logout";
//
//    @Autowired
//    private AuthenticationFailureHandler authenticationFailureHandler;
//    @Autowired
//    private AuthenticationSuccessHandler authenticationSuccessHandler;
//    @Autowired
//    private AccessDeniedHandler accessDeniedHandler;
//    @Autowired
//    private AuthenticationEntryPoint authenticationEntryPoint;
//    @Autowired
//    private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;
//    @Autowired
//    private AccessDecisionManager accessDecisionManager;
//
//    @Autowired
//    private LogoutSuccessHandler logoutSuccessHandler;
//
//    @Autowired
//    private StaffAuthenticationProvider staffAuthenticationProvider;
////    @Autowired
////    private UserAuthenticationProvider userAuthenticationProvider;
////    @Autowired
////    private SystemConfig systemConfig;
//
//    /**
//     * token认证过滤器
//     */
//    @Autowired
//    private JwtAuthenticationTokenFilter authenticationTokenFilter;
//
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//
////        JwtTokenFilter jwtTokenFilter = new JwtTokenFilter();
//
//        // 登陆验证信息
//        http.authorizeRequests()
//                // 处理权限 springboot启动时调用一次
//                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
//                    @Override
//                    public <O extends FilterSecurityInterceptor> O postProcess(O object) {
//                        object.setSecurityMetadataSource(filterInvocationSecurityMetadataSource);
//                        object.setAccessDecisionManager(accessDecisionManager);
//                        return object;
//                    }
//                })
//                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
//                .anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .and()
//                // 添加Logout filter
//                .logout()
//                .logoutUrl(LOGOUT_URL)
//                .logoutSuccessHandler(logoutSuccessHandler)
//                .permitAll();
//
//        // 禁用session
//        http.sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                .and().cors()
//                .and().csrf().disable();
//
//        // 添加JWT filter
////        http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
////        // 两种登录方式
////        http.addFilterAt(staffAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
//////        http.addFilterAt(staffAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
//////                .addFilterAt(userAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
//////                .addFilterAfter(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class);
//
//        // 权限处理信息
//        http.exceptionHandling()
//                // 用来解决认证过的用户访问无权限资源时的异常
//                .accessDeniedHandler(accessDeniedHandler)
//                // 用来解决匿名用户访问无权限资源时的异常
//                .authenticationEntryPoint(authenticationEntryPoint);
//
//
//    }
//
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
////        auth.authenticationProvider(staffAuthenticationProvider);
////        auth.authenticationProvider(userAuthenticationProvider);
//    }
//
//    @Override
//    public AuthenticationManager authenticationManagerBean() throws Exception {
//        return super.authenticationManagerBean();
//    }
//
//    // 员工登录过滤器
//    @Bean
//    public StaffAuthenticationFilter staffAuthenticationFilter() throws Exception {
//        StaffAuthenticationFilter filter = new StaffAuthenticationFilter();
//        filter.setAuthenticationManager(authenticationManagerBean());
//        filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
//        filter.setAuthenticationFailureHandler(authenticationFailureHandler);
//        filter.setFilterProcessesUrl(STAFF_LOGIN_URL);
//        return filter;
//    }
//
//    // 学生登录过滤器
////    @Bean
////    public UserAuthenticationFilter userAuthenticationFilter() throws Exception {
////        UserAuthenticationFilter filter = new UserAuthenticationFilter();
////        filter.setAuthenticationManager(authenticationManagerBean());
////        filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
////        filter.setAuthenticationFailureHandler(authenticationFailureHandler);
////        filter.setFilterProcessesUrl(STUDENT_LOGIN_URL);
////        return filter;
////    }
//
//    /**
//     * 忽略策略
//     *
//     * @param web
//     * @throws Exception
//     */
//    @Override
//    public void configure(WebSecurity web) throws Exception {
////        web.ignoring().antMatchers(systemConfig.getSecurityIgnoringMatchers().toArray(new String[0]));
//        web.ignoring().antMatchers("/login", "/register", "/captchaImage", "/deptList");
//    }
//
//
//
//
//
//
//}
